5/4/12

Blog Khoa Học Máy Tính: What should you study to work in information security? (Print)

- Blog Khoa Học Máy Tính - http://www.procul.org/blog -

What should you study to work in information security?


Author: thaidn, Date: 02/05/2012 @ 5:31 pm, Categories: Security and cryptography, Education, Book recommendations | 3 responses

1 Introduction

I have received letters from many readers asking what to study, and how, in order to find a job and be able to do the job in information security. I think the first thing you need to do is print out all of the "How to become a white hat hacker" articles, but don't read them: leave them in the toilet and use them up as the need arises.

Back to the question. Information security is a vast field with a great many areas. What I know and can do fits within one or two of them. There are many areas of basic knowledge that I have not mastered, and many skills that I am not proficient in. Hacking Yahoo! Mail accounts is one of them. I also do not know how to find a chat partner's IP address. Measured against the five orders of ignorance, I sit at 1OI, lack of knowledge, in most areas of information security. There are also areas where I sit at 2OI, lack of awareness. Many times, while reading books or talking with colleagues, I realize that there are many things I did not know that I did not know.

According to Ngô Quang Hưng, this is normal:

"Computer people usually have to read and study a great deal to keep up with the light-speed development of their field. In this process, for each problem X in the field, we gradually move from 3OI down to 1OI. After that, if X is something we really like or need for work, we move it up to 0OI.

"A great many computer science students and graduate students are at 3OI when they first start school. They then learn about the research process, the process of finding new problems and research directions, and the process of keeping their knowledge of the field up to date, and gradually move things up to 2OI. Having an effective process for getting from 3OI to 2OI is not easy at all. A simple example: which journals and conferences in your field are worth anything, how to find and read the papers in them, how to filter what to read, and so on."

I think Hưng has a point, so the main goal of this post is to provide an effective process for becoming less ignorant about information security.

2 What does working in information security involve?

I want to write this section because many people think I work as a security guard when I say I work in security. In addition, perhaps because the information security job market in Vietnam is not very varied, most people think that working in information security means keeping networks and systems safe (network/system security), when in reality that is only one of a great many jobs in the field.

In the next four subsections I will introduce the four main groups of jobs in the field. For each group, I will say a little about career prospects in Vietnam and in the US, the two places I have had the chance to observe. If you do not know what you like, just pick one job and try it. These jobs are all related to each other, so the knowledge you gain while trying one is still useful for the others.

2.1 Product security

The main job of this group is to work with the product development teams to make sure that the products they build are safe for users and safe for the company's systems, specifically:
- Auditing the source code and design of products
- Developing technical solutions and secure software development processes to detect and block known attack techniques
- Training staff to raise information security awareness and secure coding skills
- Researching new attack directions that could affect the company's products and services

In short, this group specializes in finding vulnerabilities and new attack techniques. This is my job, and I find it the most interesting job in the field.

In the US, usually only firms with large software products and services such as Facebook, Google, Microsoft, Oracle and so on, or the big financial and banking groups, have an in-house team for this work. Small companies usually just hire consulting firms. IBM and the Big Four all offer this kind of consulting. Even so, if I had the choice I would work for specialist firms such as Matasano, iSec, Leviathan, Gotham, IOActive, Immunity and so on.

In Vietnam the job market for product security people looks gloomier. So far I know of only a few companies in Vietnam that have staff dedicated to this area. Other companies (if they care about information security at all) focus almost entirely on operations security. Information security consulting firms in Vietnam do not offer product security consulting either; they only give general advice on information security processes and standards.

2.2 Operations security

The main job of this group is to keep the whole of an enterprise's information systems safe, with three main tasks:
- Prevention: issuing policies, regulations and guidelines on operations security; strengthening the entire information system, from the perimeter
to end-user computers; granting and revoking system access; scanning for vulnerabilities in the systems, tracking new vulnerability information and working with the parties involved to patch them, and so on.
- Monitoring and detection: network security monitoring.
- Handling: incident response and digital forensics when an information security incident occurs, from a stolen employee account or a leak of new product information to a denial-of-service attack.

This is the hardest job in information security, yet the least rewarded. As above, only the big US firms have an in-house team to take on this whole huge volume of work, especially the handling and investigation part. Most companies focus only on prevention and use third-party services for the other two. Firms such as Mandiant, Netwitness or HBGary provide intrusion investigation services, and many other firms provide network security monitoring services.

In Vietnam the job market for operations security people is relatively richer than for product security. Large companies and financial institutions all have a few positions dedicated to operations security. Most of the information security people in Vietnam that I know work in this area. Even so, almost no individual or consulting firm does incident response and digital forensics.

2.3 Tool development (applied security)

The main job of this group is to develop and provide information security related tools, services and software libraries for the product development teams to reuse. The group consists of engineers with many years of experience and solid knowledge of information security, secure coding and cryptography. They develop shared libraries and services such as static and
dynamic code analysis, sandboxing, authentication, authorization, encryption and key management, and so on.

This is the kind of work for anyone who writes software professionally and wants to move into information security. It is also the work for people who like product security but want to concentrate on building products rather than finding vulnerabilities.

Clearly this kind of job only exists at large software companies. At smaller software companies, the software engineers usually have to shoulder this work themselves with little support from anywhere else. In Vietnam, I do not know whether anyone does this kind of work.

2.4 Hunting down malware and other threats (threat analysis)

Apart from product security, this is an area I would like to work in. The main job of this group is to analyze, trace the origin of, and root out malware and targeted attacks. Malware here can be viruses, computer worms, or code that exploits known or not yet known vulnerabilities and that ordinary antivirus software has not yet detected. These kinds of malware are often used in targeted attacks on enterprises.

I think that after the recent series of attacks, large companies with a lot of valuable intellectual property surely all want experts in this area on their teams. In addition, the companies specializing in incident investigation and handling that I mentioned above, such as Mandiant, HBGary or Netwitness, are all doing well and always need people. Antivirus software makers are of course also an option.

In Vietnam, I think most enterprises still do not see the threat from targeted attacks, so they will not hire people dedicated to the problem. I also do not know whether any consulting firm in Vietnam specializes in incident investigation and handling. I think the most viable option
for those who like this line of work is the antivirus software companies.

It should also be noted, however, that in the last few years Vietnam has seen malware aimed at the broad mass of ordinary computer users. This problem will probably last for many years to come, and naturally our side always needs more skilled fighters like TQN. So although the career prospects are not very bright, I very much hope that more and more people will take part in analyzing the malware that targets computer users in Vietnam. To me they are silent heroes, fighting hostile forces day and night to protect all of us.

3 How to study?

Most of the people who write to me are studying IT at university, and all of them complain that the curriculum is too boring and does not contain the things they want to learn. I think this is a misconception. The second biggest regret of my decades-long career as a student is that I did not study seriously when I was an undergraduate (the biggest regret is that I did not drop out altogether, but that is another long story). I too used to think that the university curriculum was outdated and unnecessary. Looking back now, I see that the content and teaching of each individual course really are outdated (only the Marxist-Leninist philosophy courses keep up with the light of the times), but the university curriculum as a whole still provides a framework of knowledge that an information security engineer very much needs.

At university the approach is top-down, meaning the knowledge in the curriculum is taught from start to finish. This easily leads to learners having to study things that they do not see the need for. If the curriculum is old and has little practical work, or if the teacher cannot show the big picture, where the learner currently stands and what the next step should be, then the learner will easily feel that they are wasting time on useless knowledge.

At work, by contrast, the approach is bottom-up: you dive in, and wherever you find you lack knowledge, you study to fill that gap. Here I am fully in control of my learning, and I also understand clearly what I need to learn and why. The interesting thing is that every time I trace back the origin of the knowledge I need, I usually find it in the university curriculum.

For example, when I wanted to practice reverse code engineering (RCE), I found that I needed knowledge of computer organization and structure. Or if I want to study cryptography, I have to study the theory of computation, which starts from automata theory.

But I had been working before that too, so why did I not see these gaps in my knowledge? I think it is because I was not working deep enough. For example, if you only program PHP all day, you will not be able to understand why you must have a firm grasp of computer organization and architecture. Or if your job is sysadmin, it will also be very hard for you to see why you need to learn automata theory.

My rambling above can be summed up like this:
- Study along the lines of the university curriculum. If you are at university studying information technology, computer science or mathematics and informatics, concentrate on the courses at your school. The study materials in section 4 are also compiled from those of the major universities of the world.
- Learn the fundamentals really solidly (see section 4 for what counts as fundamental), and learn the remaining subjects only when you need them (based on the needs of your work).
- Find a side project that you enjoy working on, so that you can quickly recognize the areas of knowledge you are still missing.

The best time to learn something is when you are a student. The second best time is right now!

Most of the classes I list in section 4 are from Stanford University. You do not need to go there in person and sit in the classroom to be able to learn. I find that in many cases you only need to read the lecture notes and the textbooks that the class
uses, then do all of the assignments, and you will still absorb the knowledge. Some of the classes I list below are taught widely and for free on Coursera.

You can look into the SCPD program if you want to study together with other Stanford students. This is a distance learning program delivered by video. The class takes place in the morning and in the afternoon you have the video to watch. You take exams like the regular students, and your grade must be above B for you to continue. This is the program I am enrolled in. The interesting part is that you only need to take one class each term, but Stanford will still let you watch the videos of all the other classes.

Besides Stanford and Coursera, you can also look at the classes on Udacity, OCW and MITx. As I write these lines, MIT and Harvard have announced the edX project. We are living in an extremely interesting era! Now, as long as you are willing to study, there are free classes and study materials for whatever you want to learn. But what to learn?

4 What to study?

There are three important subjects you must study: programming, programming and programming! To be able to work in this field, you have to love programming. There is no other way. That is all there is to it!

I have spent quite a lot of time looking into the computer science curricula of the major universities of the world, and I find that all the courses have programming as their assignments. Whatever you study, you write software for it. In an operating systems course, the assignment is to write an operating system. In a networking course, you write software that emulates a router, switch or firewall.

Personally I also find that programming is the best way to absorb the knowledge of a subject and make it your own. In other words, programming is a fairly effective way of encoding knowledge.

Also, looking at the job descriptions in section 2, you can see just how important programming skill is, because most of the problems and solutions in information security come from software. Clearly, if you want to find bugs in software, you have to understand the software through its source code or its intermediate code. Quite possibly you will not have to program every day, but
you must be able to write small tools or libraries that support your work and other programmers.

So how do you get good at programming? This question reminds me of the joke about the programmer who could not leave the bathroom because the instructions on the shampoo bottle said: put in hand, rub on head, rinse and repeat. The key word in this story is repeat: if you want to be good at programming, the best way is to program a lot!

But which language to program in? This is the question most likely to make programmers come to blows. Personally I find that information security people today need to be fluent in C, x86 Assembly, Python (or Ruby) and JavaScript. I give the reasons why in the book recommendations that follow.

Programming

- Brian Kernighan, Dennis Ritchie, The C Programming Language (2nd Edition): a classic and a must-read for everyone who wants to learn C! Linus Torvalds once said that "[...] all right-thinking people know that (a) K&R are _right_ and (b) K&R are right." I used to be very afraid of C (because I thought it was complicated), and this book helped me get over that fear.
- Randal Bryant, David O'Hallaron, Computer Systems: A Programmer's Perspective: this book is used for the CS107 class. Reading it and doing the CS107 assignments will train your C and x86 Assembly programming skills. After reading this book, you will know why buffer overflow bugs exist and how they are exploited. I really like the chapters on x86 and on how tools such as the preprocessor, compiler and linker fit together.
- David Hanson, C Interfaces and Implementations: if you want to get better at billiards quickly, you have to watch other people play regularly and learn new shots. Likewise, if you want to be good at programming, you have to read the code of the masters regularly. David Hanson is a C master and this book
will show you many new moves in using C. I like the exercises in this book. I think practicing these exercises alone is enough to become a featherweight-class C programmer.
- Justin Seitz, Gray Hat Python: Python Programming for Hackers and Reverse Engineers: this book will help you use Python to write the small tools that anyone working in information security will have to write a few times in their life.
- Douglas Crockford, JavaScript: The Good Parts: JavaScript is the language that rules the WWW. If you want to work on web (application and browser) security, you must master the language. This very thin book by the author of JSON fully covers what an application security person needs to know about JavaScript. It can be used as the textbook in place of Javascript: The Definitive Guide in the CS142 class (see below). Only on reading this book did I understand what a closure is and the prototypal nature of JavaScript.
- To read: the books recommended here.

Operating systems

- Abraham Silberschatz, Peter Galvin, and Greg Gagne, Operating System Concepts, 8th Edition Update: this is the textbook for the CS140 class. I do not think you need to read this book; reading the notes and doing the assignments (writing the different parts of an operating system!) is enough. This is a heavy class. I was partway through CS140 when I had to stop for lack of time.
- Intel Software Developer Manuals: I find it best to read the 80386 documentation first, and only then read the documentation for newer CPUs.
- Red Hat, Introduction to System Administration: I really like this book's chapter on the philosophy of sysadmin, and I think system administration skills are extremely necessary when you want to research new attack and defense techniques. You cannot do operations security
without system administration skills.
- To read: Mark Russinovich, David Solomon, Alex Ionescu, Windows Internals, Part 1: Covering Windows Server 2008 R2 and Windows 7.

Computer networks

- Richard Stevens, TCP/IP Illustrated Vol I: this book is so famous that I do not think it needs an introduction. I have not read Vol II and III but will certainly get to them in the near future. The CS144 class uses a different book. I have not taken this class, but I find its assignments quite interesting.
- Stephen Northcutt, Lenny Zeltser, Scott Winters, Karen Kent, Ronald W. Ritchey, Inside Network Perimeter Security, 2nd Edition: I like this book because it writes very accessibly about the problems and tools commonly encountered in network security.
- To read: Fyodor, Nmap Network Scanning.

Once you have the basic knowledge above, you can take the CS155 class. This class is on Coursera under the name Computer Security. Alongside CS155, you can read the following books:

Finding software bugs

- Mark Dowd, John McDonald, Justin Schuh, The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities: a classic and a must-read! This book is the bible of application security. What I like best in it are the parts on integer overflow and on the problems of the C language.
- Dafydd Stuttard, Marcus Pinto, The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws: this book focuses on web applications. I have not read it very closely; I mostly
use it as a reference. Even so, I think it is a good introduction for those who are just starting out.
- Michal Zalewski, The Tangled Web: this book was published only recently but immediately became a classic! It distills several years of web security research by one of the best hackers in the world. I think reading this book alone is enough for you to start finding bugs for money. This book and the one above are used as textbooks for the CS142 class.
- To read: Tobias Klein, A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security

Reverse engineering software

- Eldad Eilam, Reversing: Secrets of Reverse Engineering: although many people have written about RCE, I find this the only book that systematizes the important steps you need to take when you have to reverse engineer the code of some program.
- Chris Eagle, The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler: IDA Pro is the best tool for RCE and this is the best book about IDA Pro. If you have a firm grasp of C and x86 Assembly, reading this book is all you need to start doing RCE on complex software.
- See the reverse engineering materials from the PenTest class at NYU.
- To read: Christian Collberg, Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection
- To read: Michael Sikorski, Andrew Honig, Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

Digital forensics

- Brian Carrier, File System Forensic Analysis: Brian Carrier is the author of the well-known forensic toolkit The Sleuth Kit. This book helped me unearth a deleted video clip stored in a camera that had been secretly filming ATMs.
- To read: Cory Altheide, Harlan Carvey, Digital Forensics with Open Source Tools

Cryptography

- Niels Ferguson, Bruce Schneier, Practical Cryptography: I have many fond memories of this book. Most of my work results over the last few years came from reading it. I copy here a very good introduction by a friend: "The best security books, you can read inside out, taking any recommendation on what to do and looking for people to do the opposite to find flaws. Firewalls and Internet Security was like that. So was Practical Unix Security, and so is TOASSA. This is that book for crypto. It's also the one book on crypto you should allow yourself to read until you start actually finding crypto flaws."
- Jonathan Katz, Yehuda Lindell, Introduction to Modern Cryptography: Principles and Protocols: this is the textbook for the CS255 class. That class is the Cryptography class on Coursera.
- To read: Adam Young, Moti Yung, Malicious Cryptography: Exposing Cryptovirology

Note that these books center on my daily work and my own interests; in other words, many books for the other lines of work are missing. Even so, I think these books will give you a solid foundation from which to pursue the different careers in information security. In the near future I will add more of the books that I am reading and will read. If you know of any good books, please
recommend them to me.

Also, there is not a single mathematics (or theoretical computer science) book among the ones I have just listed. I think you will find your own answer to the question "Should I study mathematics or not?" once you start studying cryptography. In these two areas I really like Scott Aaronson's class Great Ideas in Theoretical Computer Science and Victor Shoup's book A Computational Introduction to Number Theory and Algebra. I like them so much that I had to write this paragraph just to mention them. I also once spent many months wrestling with Michael Sipser's Introduction to the Theory of Computation. But enough, I do not want to recommend any more mathematics books because I am very bad at the subject!

5 Rambling begins, then the end

Phew! I did not expect to get this far (I hope you are still reading!). I meant to write at length about attitudes to learning and so on, but the post is already long and full of information, so I will just say this briefly:

What I have just sketched out is a path. To be honest I do not know what its destination is. I only know that the journey I have travelled (and, I hope, the stretches still to come) has brought me a great deal of joy: the joy of a person who sets out to explore the world, conquer challenges, and then share the good stories with everyone.

Every day I set aside time to read, do exercises, write code or prove something. Nobody makes me do these things. Some of the things I study have nothing to do with my work (or not yet). I study just because I like it and am curious. I study because I want to understand more of the things that I find interesting. I study because I want to keep going, and going, right to the very end of what people write in books, to see whether there is anything good there.

The other day I read a short piece about Richard Feynman, which includes a passage about the time when Feynman was ill and near death and he confided, "[I'm going to die but I'm not as sad as you think because] when you get as old as I am, you start to realize that you've told most of the good stuff you know to other
people anyway." Of course what I know can hardly be as "good" as what Feynman knew, but all the same I will follow Feynman's example: whenever I learn something interesting, I will tell it to many other people so that they know it too. This post is one such story.

Happy hacking!

(thanks to big brother M. for reading and editing the draft of this post)

Printed from Blog Khoa Học Máy Tính: http://www.procul.org/blog
URL to the article: http://www.procul.org/blog/2012/05/02/lam-antoan-thong-tin-thi-h%e1%bb%8dc-gi/

Copyright 2005-2012 Blog Khoa Học Máy Tính.

www.procul.org/blog/2012/05/02/lam-an-toan-thong-tin-thi-hc-gi/print/